We have encountered an issue with the email format for new joiners. The standard format for emails should be the first initial of the first name, followed by the last name, in this format: [email protected] (e.g., [email protected]). However, we have noticed that emails are being created incorrectly, such as with the full first name and last name ([email protected]), or with variations like multiple initials or extra characters (e.g., [email protected]).
I reviewed the provisioning transaction for Active Directory (AD) accounts and confirmed that emails are being created in this incorrect format. Additionally, I couldn’t locate any specific “create” rule in the AD configuration that would be causing this.
Could you please advise on what are the check points i need perform or provide guidance on where else we might check to correct this email formatting issue?
Hi @GutteStolt,
Please check the Source for the email attribute.
Whether it is directly coming as input from your Target application. or
if you set the value through SailPoint, then validate the provisioning policy of create operation for your Authoritative application. or check the creation rule and customization rule.
Also check your Identity Mappings for your email attribute, is there any customization did.
I have reviewed the Authoritative application we don’t have create policy. Is that the email is is creating is SailPoint?
I have checked the identity mapping the source for the email is show Global rule IdentityAttribute - Email and the target is AD and HCM.
Additionally, I can see if the source is LCM for that user the email is creating correctly for example(Nov 6, 2024 9:01:48 PM Joiner LCM: xyz Identity created) the problem with this Refresh task(Nov 7, 2024 1:38:14 AM Joiner Task: Refresh Identities Identity created) I was thinking.
When you run the refresh task with the option Refresh Identity attributes, the Global rule IdentityAttribute - Email will execute. please validate that rule and update it accordingly.
I don’t see rule with the Global rule IdentityAttribute - Email Is the email is creating at the IIQ end i mean the IIQ is responsible to create the email for the new users. But when the user is creating with the LCM at that time why this issue is not encountered?
As per the identity mapping the source for the email is the Global rule IdentityAttribute - Email But per the rule logic if is creating the email when the email attribute is email. Here the confusion is if this is not a source for the email. Is that the LCM is responsible to create the email?
I can see in the target AD create provisioning policy email attribute is there. Is that creating the email?.
Please check your organization’s data flow. Whether the email is part of your authoritative data or not.
If not, it will be set through the Provisioning Policy during the onboarding process. Remove the global rule in Identity mappings and just add the attribute source for the email attribute. Therefore, you can fix the issue.
if you still have queries please share the global rule and provisioning policy information.
I have reviewed the joiner workflow in that workflow i see the reference rules are there. One of them is email address library. That rule is responsible to create the email for new user. No changes are done in that logic. Do you need to that logic to help to me debug logic where is the actual issue is accounted.
In that rule, please try to understand the following artifact. Initially, we are giving the user’s first letter of first name and last name with the domain and checking if the email address is already present. if it is present then we go with other formats.